Lucene search

[email protected]CVE-2006-6983

HistoryFeb 09, 2007 - 1:28 a.m.

CVE-2006-6983

2007-02-0901:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6983

myweb4net browser

cross-domain vulnerability

remote attackers

restricted information

object tag

data parameter

http header

outerhtml attribute

5.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.935 High

EPSS

Percentile

99.1%

JSON

Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker’s originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Affected configurations

NVD

Node

myweb4netmyweb4net_browserMatch3.8.8.0

CPENameOperatorVersion
myweb4net:myweb4net_browsermyweb4net myweb4net browsereq3.8.8.0

CPE	Name	Operator	Version
myweb4net:myweb4net_browser	myweb4net myweb4net browser	eq	3.8.8.0

References

pridels0.blogspot.com/2006/06/multiple-browsers-information.html

5.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.935 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2006-6983

cvelist11 nvd11 cve10 checkpoint_advisories1 cert1 securityvulns2 nessus1